December 2010

December 29, 2010

Lots of folks sent me links yesterday to a story out of Michigan where Leon Walker is facing charges of hacking under a state statute for snooping on his wife's e-mail account.

Right now, the story seems to be swirling with misinformation. According to Mr. Walker, he was concerned about the welfare of the parties' young daughter and investigated his wife's e-mail to find out if she was having an affair with a previous husband (she was). He said that she kept a list of her passwords readily available by the parties' joint computer.

But according to the Today Show this morning, he accessed her account four months after she had filed for divorce (clearly knowing that he was not authorized to do so). Moreover, there are allegations that he had spyware on the computer which, if true, would violate both federal and state wiretap laws.

What has confounded me is all the noise, some of it coming from purported experts, saying that these charges shouldn't have been brought because the statute in question is a hacking statute. While it is true that these statutes are often primarily directed at those who attempt to steal identities, personal information or proprietary data, they are also applicable to the facts of this case.

And, no, it doesn't matter that they shared a computer or that the computer was marital property. The law is protecting privacy rights, even between husband and wife. The statute in question reads, in part:

A person shall not intentionally and without authorization or by exceeding valid authorization do any of the following:

(a) Access or cause access to be made to a computer program, computer, computer system, or computer network to acquire, alter, damage, delete, or destroy property or otherwise use the service of a computer program, computer, computer system, or computer network.

Clearly, if the wife's story is true, he violated that statute. I am amazed at the folks who have asked, "Don't prosecutors/law enforcement have more important things to do?" Enforcing computer privacy has become VERY important in our society. Now, I don't think Mr. Walker should get the maximum five year sentence - most of these cases seem to result in probation if they plea or are found guilty. And if spyware was used, jail time is not out of the question. Violating wiretap laws is a very serious business, with penlties to match. The facts of this case are by no means unique - we see dozens of these cases of spouses spying on one another every year.

With 358 news reports circulating about this story on the Internet today, I'm sure a lot of folks will be watching when Mr. Walker goes to trial on February 7th. I'll stay tuned as well and report back.

*****************************************

Click on the banner below to vote for your 12 favorite legal blogs among those honored to be included in the ABA Journal's Blawg 100. I am pleased that Ride the Lightning was included in the company of so many well-respected blogs. The last day to vote is December 30th.

December 16, 2010

The Ohio Supreme Court's Board of Commissioners on Grievances and Discipline recently published an opinion stating that judges may have Facebook friends. Judges were cautioned to use "constant vigil" and to maintain dignity in every comment, photograph or other information shared. Judges are even allowed to be friends with an attorney appearing before them.

And yes, they can tweet too, again being cautious about the ethical rules.

The opinion goes into some depth and notes that 40% of judges use social media, roughly the same percentage as the rest of the country.

This is the first time I've seen the subject officially addressed in such detail. As we've already seen, judges (along with lawyers) have managed to "step in it" when using social media, but directionally, educating judges on the ethical and responsible use of social media is the way to go - this is one train that left the station (full steam) quite a while ago.

*****************************************

Click on the banner below to vote for your 12 favorite legal blogs among those honored to be included in the ABA Journal's Blawg 100. I am pleased that Ride the Lightning was included in the company of so many well-respected blogs. The last day to vote is December 30th.

December 14, 2010

A recent Reuters Legal analysis of juror misconduct involving Google and social media is alarming, to say the least. Since 1999, at least 90 verdicts have been overturned or new trials granted, more than half of those in the last two years. In three quarters of the cases where judges declined to declare mistrials, they nonetheless found juror misconduct.

The article is well worth reading, especially because it includes some of the current horror stories from 2010.

Across the country, courts are adopting new, more specific jury instructions, but (I think) to little avail. As long as jurors have the ability to connect to the Internet by using computers or smartphones, it is my suspicion that the temptation to tweet, post or research is just too great for many jurors.

Some experts are suggesting that we simply help jurors to be more responsible. Not sure that's going to work all that well. In a world where jurors 'friend' each other while deliberating and discuss the trial on Facebook, we're got a major wrinkle in the jury system.

Not only do we need innovative solutions to this problem, we may need serious consequences for jurors who misbehave. How many mistrials can the system afford before the burden of jury misconduct becomes crushing?

*****************************************

Click on the banner below to vote for your 12 favorite legal blogs among those honored to be included in the ABA Journal's Blawg 100. I am pleased that Ride the Lightning was included in the company of so many well-respected blogs. The last day to vote is December 30th.

December 09, 2010

Let me answer my question this way. In a cyberwar between China and the U.S., my money is on the Chinese - and that doesn't make me happy. I think we're just lucky that the Russians and their cyber-experts are so bent on cybercrime that cyberwarfare has taken a back seat. Heaven help us if it takes a front seat because the cyber experts of the Russian Mafia are very sharp indeed. And the line between the Russian government and the Russian Mafia is very thin, as the recent cables released by WikiLeaks suggest.

OK, back to the original quesion. How did a mere private gain access to so much data and then copy and transport it? Regrettably, it was child's play.

He brought in a CD-RW labeled something like "Lady Gaga," erased the music and wrote a compressed split file. Private Manning rather accurately observed the total absence of security noting that there were "weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis... a perfect storm."

It would be difficult to describe it better. Manning allegedly recounted his clandestine exploits in a series of conversations that Adrian Lamo, the onetime hacker best known for breaking into networks belonging to the New York Times Co. and Yahoo, recorded in full. It makes for fascinating reading.

It is horrifying to see how lax security is or was. How is it possible that there was no access control here, allowing Manning to see things no private should have access to? How is it possible that internal alerts didn't go off when so much data was accessed and copied? How is it possible that there were no controls on removeable devices? This is clearly a case where heads should roll - those in charge of information security weren't just asleep at the switch - they were comatose.

We need roving teams of penetration experts assessing security throughout the government, but especially where classified data is held. Pretty simple idea, huh? Every network that holds such data should be assessed at least quarterly by those who know what they are doing - and that's the problem - such folks seem to be in short supply in the U.S.

Manning apparently saw himself as a whistleblower and wanted to stimulate worldwide discussion and reform. Indeed, as the cables prove, governments lie and lie chronically to their citizens. Not news, but without leaks we wouldn't have proof of the lies. What Manning did was clearly illegal and he will no dobut be punished severely, but what about WikiLeaks?

That is much less clear. No one has yet been able to point to a law that WikiLeaks broke though there are a lot of tortured efforts to make existing laws applicable. The New York Times and every other major newspaper has been printing leaks for years. WikiLeaks just got a lot of leaks in a very short time frame - the beauty and horror of a cyberworld.

There has been much wailing about the endangerment of lives, but it sounds pretty hollow. Bob Woodward, of Watergate fame, has taken a measured view of this. He noted that governments always claim that lives are endangered when information is leaked but in fact most of the leaks fall more into the embarassing category than the life-threatening category. Note that the cables have been redacted both on WikiLeaks and in the media to try to protect certain sources.

Frankly, I want to know that 85% of the humanitarian aid we sent to Pakistan was diverted to covert military actions. It's a pity that it takes a leak to rip the veil of deception from the government's face. The idea that the government can do anything it likes in utter secrecy (trust me, I'm from the government) has never had an appeal for free-thinking citizens.

I have an enormous respect for the Fourth Estate, which so often protects us from government and military misconduct by making it public.

Mind you, there need to be some secrets. No one would deny that. And there can be no secrets while government cybersecurity is so lax. But before condemning WikiLeaks or the newspapers which are publishing the cables, we should remember the words of Thomas Jefferson:

Our liberty depends on the freedom of the press, and that cannot be limited without being lost.

As a final note, anyone who has read the full account of the sex charges against WikiLeaks founder, Julian Assange, will note a rancid odor. Both women invited Mr. Assange to stay with them and acknowledge that the sex was consensual. Apparently in one case his condom broke and the other case is a little murkier as to what happened, but neither woman seemed inclined to press charges at the outset. In fact, the original rape charge was dropped a day later, only to be reinstated for reasons that remain suspect.

It doesn't pass the smell test. I think most fair-minded people have concluded that these charges are less about prosecution than persecution. Mr. Assange has become a most inconvenient fellow for many governments.

I do not know enough about Mr. Assange to know whether he is the folk hero that so many hold him to be. I do know that he lives austerely and that he seems to be committed to making information free, especially information indicating deceptive behavior by governments (and he apparently has such information regarding mega-corporations as well).

I admire the fact that he gave the keys to his data to four of the most respected international newspapers. He did give warning that these cables would be released. He has redacted information to protect sources. So far, he seems neither a fool nor a man who wishes to cause harm directly, though of course indirect harm may follow. He appears to have weighed inaction against action and found action warranted.

He has taken extrodianry steps to control the data through an encryption scheme that is apparently unbreakable by the most modern super computers. Hard to be in our business and not have a sneaking admiration for the intellect, cunning and planning that has thus far utterly defeated government and private attempts to circumvent Mr. Assange's work. Apparently those that used to process financial donations (MasterCard, VISA, PayPal, etc.) are currently suffering the rath of DDOS (Distributed Denial of Service) attacks from "unknown" sources. Perhaps they will reverse their decision to abandon the processing of donations for WikiLeaks, but I doubt it.

Few stories in my lifetime have been as interesting as this one, perhaps because it reminds me so much of Watergate and Vietnam and their related revelations about government corruption and deception, but escalated beyond imagining by the vast volumes of data in the cyberworld.

*****************************************

Click on the banner below to vote for your 12 favorite legal blogs among those honored to be included in the ABA Journal's Blawg 100. I am pleased that Ride the Lightning was included in the company of so many well-respected blogs. The last day to vote is December 30th.

December 07, 2010

The eDiscovery Daily Blog recently reported that sanctions in e-discovery have reached an all time high. Not especially surprising, but it sure is time to spread the gospel. The post summarizes a Duke Law Journal article which analyzed 401 cases involving motions for sanctions in ESI-related cases. In 230 of those cases, sanctions were granted.

It is no shock to learn that failure to preserve relevant ESI is the most common reason for sanctions, and perhaps not surprising that defendants are sanctioned roughly three times as often as plaintiffs.

For those of you who are statistic mavens, there are a number of interesting stats in the articles - the post and the article are well worth a read. For those of us who teach e-discovery regularly, these statistics need to be highlighted constantly - lawyers are still "not getting it" (after all these years) and judges are clearly tired of rapping knuckles. Recently, the severity of the penalties has increased, clearly signalling judicial intolerance for attorney incompetence and misconduct in e-discovery.

*****************************************

Click on the banner below to vote for your 12 favorite legal blogs among those honored to be included in the ABA Journal's Blawg 100. I am pleased that Ride the Lightning was included in the company of so many well-respected blogs. The last day to vote is December 30th.

December 03, 2010

Effective December 1, 2010, Rule 26 of the Federal Rules of Civil Procedure has some substantial changes, notably (this is the one that most often impacts us) that draft expert reports are now excluded from discovery except in limited circumstances. Fulbright & Jawoski issued a useful alert on this subject.

There are three significant changes:

1. Rule 26(a)(2)(B)(ii) is narrowed to require disclosure only of the “facts or data” considered by the expert witness (deleting the requirement that “other information” be disclosed);

The new provisions should reduce costs primarily by reducing the tactic of simultaneously engaging consulting and testifying experts, not to mention chasing down draft reports in the often forlorn hope of finding something useful to discredit the testifying expert or the expert's client. A good change.

***********************************************

Click on the banner below to vote for your 12 favorite legal blogs among those honored to be included in the ABA Journal's Blawg 100. I am pleased that Ride the Lightning was included in the company of so many well-respected blogs. The last day to vote is December 30th.

December 02, 2010

The crew at viaForensics is doing a good Anderson Cooper style job of "keeping 'em honest." Mobile apps are coming out so fast that our heads are spinning - and we are often quick to adopt them without vetting their security.

I'm always pleased to get a note from Andrew Hoog, the Chief Investigative Officer at viaForensics - here's what he wrote:

It's always worthwhile to check appWatchdogs - before we emulate the lemmings stampeding off the cliff, it is wise to consider whether we may be inviting data theft. The fact that you CAN download something doesn't mean you SHOULD.

**************************

Click on the banner below to vote for your 12 favorite legal blogs among those honored to be included in the ABA Journal's Blawg 100. I am pleased that Ride the Lightning was included in the company of so many well-respected blogs. The last day to vote is December 30th.

December 01, 2010

I was pleased to see yesterday that Reed Technology and Information Services, a member of the LexisNexis® Group,announced the introduction of Reed Tech Web Archiving Services powered by Iterasi (www.ReedTechWebArchiving.com). As the press release noted: "The comprehensive Web archiving service will help corporations, government, and professional services firms capture and preserve Web-based content to support the growing need for litigation protection, e-discovery, and compliance with various laws and regulations."

The offering is expected to be available In January and will create fully searchable and interactive archives that not only capture the way the website appeared, but also restore its functionality. Dynamic capture modules expand this scheduled or on-demand service to encompass the archiving of a company’s entire online presence, including company websites, blogs, Twitter, forums, Wikis, and more.

Dave Darst of LexisNexis and Chase Reeves of Iterasi are colleagues and friends, so I am happy to see them "married" in this venture. As readers of this blog will recall, Iterasi is one of the web archiving technologies that John and I found to be very impressive. Good luck and keep us apprised of developments!

Sensei Enterprises, Inc.

3975 University Drive
Suite 225
Fairfax, VA 22030
703.359.0700

Disclaimer

This blog is intended to impart general information and does not offer specific legal advice. Use of this blog does not create an attorney-client relationship. If you require legal advice, consult an attorney.